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L A campu&r*a$»i$ted incihocl of generating at one mi procedure 
for a target system fesvjag at W cm device capa&Sfc of being ktemtflcd, cock 
of t he at least: one device ihaving hardware aftdfor software* said method 
cprnpnsiRig the &eg}$ of:: 

a) collecting information descriptive of at: im&i a hardware aud/cr soft ware 

sjreciftcatksn fat" fhe &i least devk&; 

b) selecting m -least one predefined $t&*daRl, negtitatum and/or a^uktmcm 

wiih which the target system is t» comply; 

c) ass»ctfti:mg hardware m&or 'software Mommon pertaining to tbe at 

teasi one device, collected in said step si), with m fern om predefined 

pMforrn category; 
4) far each of &xh& at least o*se plalfomi category* determining which of 

one or marcs lest procedures wall be used to test hardware aadfar 

software as^Dcidted wish said at least one plaifbrm category based on a 

mapping between tke test procedures am! th« at least one pr&defitted 

Standard, rc^MklloR ftftd/ttr TK^Hiremem; &n*t 
e) generating om or Rwe t^ procures as d^ersnjts&d lit $a*d step rf> for 

each platform categ<sry:. 

2. The mesfiod iu;s*>*vlmg to clftic* .2 ^rtht?rct>reipdsang the step of 
assoctatif^g u Mm om applicator* software program witti at ka&t &m 
pfoxfotm easfrgswy, the association indicating that riie asplicasuoa program m 
typjscaily m,&tlfe4 0*S <bvt&$ belonging to tfje pl&f&fm category. 
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3v The, method aeco^ng to claim 1 whereia *asd a) mformatton is 
collected, for the target system comprising a plurality of device wi : && a 
fictwari;, by at least one oi eJectmaic discovery via a aetwork iind mmml 
entry. 

4. Tire method according to ckum .3 whowb electronic <fex»ve7y 
composes an enterpdse man&gemem system, 

5. 'Hie: method aeswting to cJstro £ vvfcsrew infonSl^lioii collected in 
said step &} p&nmm to at .least otw of: m irtfemet protocol addsess,. a 
ho&ftar&e. -a media -access control address, aa operating system rutrcw-, and m 
opera* tn$g. systswi vttrjiion.. 

6. Use mesisod sccoixilmg to claim 1 furl tier comprisiag the s*ep of ed^big 
said step a) Mormstiorj descriptive of m least the hm&w fc s^dfkatta and 
fche o^ftstiag system <Mf &a£fc device,. 

7. The. mirths according to claim 1 wf*e*$ta the. pkufomi c»tcgorf es 
comprise at least otic of deslsx^eom^ter^ Sagsrop eewsapttter, tRaiflifnsflftet. 
computer, hub, handheld device, and other. 

I, The mesfKKi aqs^ins to claim 1 turrhcr mmp&mngitwmp of prMng 
at least oae test procedure generated m e> 

9. Use aae&oii .according to claim I wherein said step e) genomes case e&se 
fimcectitjic: for a platform .category wfcsrt ihrre stro no devices s?^:s;?tfifttl 
therewith, and generates on* test ptccedute for each device associated with a 
^lMfo?k?3 category having Sri iadic^tiuji tot $uch4&v&e i$ to be tested. 
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t0. The method according, to claim I tnnh&t eompmiag rh« steps of : 

f) r^rfaimlRS the mps associated wi'eh the- test 'procedures* generated in 

sw4 mp s> to <bte?msri£ w&erher tlie s&^ee system §?a$$e$ m fails the at 
one the Jest prXK-eduie- 

g) gcfwr-aiiiig a score for each of a pteraiity of ttoffeat elements, each. 

indicating a likelihood of that times! element a?feeiing ami/or 
impacting the target system; snd 
h> (i) obtaining a threat correlation imlkatkm associated with said at Least, 
test prfi££diire, wltefem said threat correlation iridicatmH srcdkaS&s 
& relati ve patents! of ose or more giver* tftrca& to exploit a 
vwlnctfahtlitty caused: by a failure of the & least one test, procedure^ &n& 
(23 ctetcmihung a risk assessment by mmpMng each score generated m 
mtd step %) with a cow^pondifig (hrt?^ cojwl^km imfc&ariori of "sstM 
step!*) (I), 

I I ; The all eth&d according to elaim 10 wherein Said scores Kit Said step e ) 
eomp&ft at leas* one of: 

s) negligible, where*** negligible iswtf &&e$ that the threat ekmeat is not 

appfeibfo or has isegligible f«k^ihood.of occurrence; 
ii) iow, wherein low indicates thst the threat element, hm a relaliv-ety low 

likelihood of occurrence; 
in) medium, wherein medium m<&eai&$ ibM the thre&lE dement has a 

mediae ii&e&fcood of occMfif£rt$e; and 
iv) Mgh> wrserei*i high indicates to the threat element km a relatively 

high likelihood 0^ ocsunc&ce. 

12, Th£ Biethod ifcceordirig to claim 110 wherem fcaid siep g) thrtat 
eta*et*t$ comprise ait teas* om vimumti di&tster eteemms* system iukm 
eteimcfUs,. environ&i&ttUiJ l'^i«jre elements* uirifitediEOrtal huraa& eleiiiertts, 'and 
intentional kwnm elements. 
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1 3 Tfcw method xenmflmg. to claim \whor*?'i;n f&e natural di-saswr tform* 
dements comprfee. a* om of fire, Wood* eajtl^u^kc, v^tessp, tornado ml 

14, The method according to d&im .1.2 wherein the system foalum threat 
dements comprise #t least oaf. of 21 hardware failure a jiwcr failure mid u 
zvmmunkntim. link future. 

15. The rneihtxi according to claim 12 wh&xzm the environment^ failure 
thp^ete&tei&s comprise m itmi tm& of mmpcmim, pdM&t, huniidfiy, 
timu shack, vmd vibrak*n. 

36, The moshod wcwding to cftmm 32 whemki the Imtnaa tmtmettti&nsi'l 
thwM Qfamsnt composes at teeist one of « software design emir, a .s-y stern 
desiga emjr, &fid an operator em&\ 

17. The misihtai &&oftlirig i& slain* 12 -wfofciffciij. the htftft&i imemiOrt&J 
thras elements comprise as \?>m. on« of an authorized system administrator, m 
authorized mmmmwncxt p$rsGnm&+ m Mnhotrwtl mcr> a terrorist, n hmkcr t a 
&\hm&m* $ thief : &tu1 a vandal, 

1 8. The inethCHl aopurdirig ty da&n 10 wfe&rc'm smd step Is) <i) threm. 
ttsmsM'aon mdfcaUtm coiitprises at Je-a&i <mt the fullaw&g $c#i*;$i 

a) msgliglbk\ wherein negligible indites that the threat & not applicable 

to i\& vufo&rabil ky; 
ii.) low* wherein fow indicates ihm thc-thre& has- it low pctteati&E to*?xptoj* 
vulnerability;. 

iii) medium, whe&tft m&dEti&a indicates thai the threat has a potential ;o 
cxpSoi* the vukieratrHsty; and 
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iv) high, wherein Mgh iadieatcs that the thfeat has a rci&tiwSy- High 
l^jtetittai io exploit the vnlngi$bfci*y. 

.19. The method according to claim i% wherein the risk asses&taerti in s&td 
&tsp h) {2) & *&&nnme4 i» accordance- with the following steps: 

a) for each dgti&at s« the projsi^ sJuxsat piufite iaui e^espfcflding etet*mt 

1 ) if a threat element as determined m said step g) ts negligible and a 

<m resjfjCSiuiifig etemfcM taihe ihreai efinfctaitort indication m 
determined m said step b) is anything* then the overall risk of ihe 
ek&ttm is negligible; 

2) if i\ threat fckmem score t& defiermirted .said siep g) Is low- oad the 

mrre&pondsng demcat m the ihrcitt cftrnrjattan indication a:> 
deternilnsd in sasd step h) Is R£glagi:bk t then th& overall risk of the 
dement is low; 

3) *f a rhrea: elsmeat &eore as de^rimned in %m& step g) h low and the 

Wftcspctsdingcbrttent: in the threat correlation indk;atioii m 
detenrtined M -saitf ssep J?) as .law, ttas the overall risk of the 
clement is hw: 

4) tf & threat ele^m score as deceraiined in said siftp g) is low and (he 

Cttn^p&nding element itt iht Uittm correction mdicaMpn as 
dctsrnamed in= .said b) Is rrvedium, tMw lbs ovcfsiU r&k of the 
etemem is low; 

5) if & threat stesiKsm $co?s 35 deterrmised m said *Mp g) fe low ao4 tbc 

corresponding elenriem in She threat eotPfttation indication as. 
detenrdttsd in said $Usg> h) is iagh, th<*n the ovsrcdli risk of the 
decent ..fa medium; 

6) if & threat etemem score as dtaamttn&d trt step g) is medium and 

the c«Kgtt»jxxfftt£i.fig: tl^mcni in ilic ilifcat corr&tatiroi MMlieation a* 
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determined in *aM &cp h> is n^%i.bie, thm overall risk of J he 
dement k negligible; 
7} « ifcrcas element so>f£ »s determined m $ml m\> g) h medium and 
tlte conci>i>i>:iidjji|; elem&m hi th& tltfcat. voirel^ki-n indication 
d&erauned in said step h) is low, ttet the overall risk tlae 
ekn&M. is fow; 

$} if a- $hrcai elciwent sew as determined m said step g) & median* m& 
she cQiraspoBdiag eiemsnt m th« threat. c©.rretasio« mdk&taon as 
detenmtied in s&d step h) is medium, t.hea t&e overall mk of thse 
element medium; 

#) if a.t&n&u etemeat scorn m deusrirafcftsd in said swp g) ss msdium and 
the corresponding ciemeat it* the thtear.£*atelaiio« iadtcaikart as 
det&miinctd m said s^p it) & h*gh t Jta ihe «w.ia!i risk of the 

K)> \t # threat element score as <fctc«runcd in said $?ep g) high and 
the; cotxiespGndingelemcftt in ih& ite&s cosrdaiksrii indication m 
deserflttfted ict said h) & negligible, then the overall r&k of the. 
clement is negligible; 

J I } if a thrcstf etoem scon? as determined in mid step g} is high ami 
the conespo;ncfmg element in the tfereatcowdMan indication as 
determltusd in said step h) i& lew, then the overall mk of the 
dement H medium; 

1 2) U a thrcaJ etoicm spore d^rmlnM in md saep g) is high and 
<fce cwrc^KMKttng element in the thteat corcelauott imf icatfkm as 
determined &tkt step h) is .medium, then the -overall r&K of the 
elem&B* is tHgfc- and 

1 3) il a tkmt dement score as dstennined In said step g) is high and 
the corresponding element m Uie teas oon^lation Miction as 
dc4enumcd in said step ts htgfr, then the overall risk of she 
dsmsm.is high; and 
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It) selecting the. risk profile for the Hilled rest pro€edtt& as feemg the 
highest overall risk elesmat, 

20. The method according to claim l f > farther <*>mprhiti& the step 
determining an overall system risk* 

21 . The method according eo claim 20 wherein the overall target system 
risk k ths highest overall mfcekmsfl* *f each of pee or rnore MM 

22. The method according to elaiim 20 fiK^rconapdHOg the step of 
printing a ekicransff trt too package that will enable a dctcnttimtioft to be made 
whether the taiffri: »> a »cm cwnplfcs with she « teas* one piedeffaed miadatfL 
fegitiation aa^or rsquirenseni selected in s&sd step fc). 

23. The nsethad arocadiflg ta claim 22 whereto die docamefltaison 
package inciiid&i a risfc.«ssessmem for at least one failed test procedure. 

24. The method accosding to claim 22 wtemm to documentation 
package intrudes m overall .target- system risk. 
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25* In a gcftcritl purpose computing system, a computer ^as in stcd rncthcRl 
of generating at tesst om test procedure for a target syutm having at least one 
device capable ol being i dentified, each of the at least one device having 
hardware aud/or software, m4 method comprising &e stcp$ of: 

a) collecting tefbrmaika* descriptive of a* a hardware m&or software 

$pe€tftca&xrt for the .aft least one devkse; 
fe) setaing as toa on* predefined standard, jregidanon sr^or f^u^menj 

wfch which the targe* system is to comply; 
c-) assfcd&ttng ih^w^P? «n^-i?rso.ftw^ i;nltomio« pc4FWtf*ifo& 10 ^ at 
least arte device, collected m said step a), with at least one pre>defi n«d 
plaifonn category; 
d) for each of said at least anc platfomeategorv, dctcrm.msflg whfch of 
one 0f more test procedures will be used to test hardware artdfor 
Software associated with said at least ortc platform category based Oil a 
, raappiag fcctween: the test ;p^edure$ m& the at km one predefined 
ssaitdard, regulation and/or requiremeiU; ami 
. e) generating orte «r mora &t«i procedures as idetermfcftcd let said 6iep d) for 
£it£h platform category. 

26> tlxe system according to claim 25 farther composing: the $tep of 
associating kt least one application software piograa* with at tost orse 
platform cate^ry, the a&StfciatiOfc indicating; that (he application prolans is 
typically totalled <m devices: kcionging to the platform category. 

27- The system according J© eMm 25 whereto $M step a) iufcifrnarian is 
collected, for (he target isyMcm comprising a plurality of devices within a 
Network, by mMui om ^mcmMc &mmty via $ network arid manual 
cm;ry< 
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2&. Hie system rcemding to claim Z7 wherein cJecwwiic- discovery 
comprises m enterprise maaagemcftt system. 

2% The ^stem wording m clmm £7 wk<mm the mf$mw<?n collect ii 
safcl $E£j> a) pertains io at least, une oft at* interne* protocol address, a 
bosf naiac a media access control address* act apemdng system name, and m 
operating s^tcm versiou. 

30. The system ssecotftag to claim 25 tote the step of 
edltusg said step- a) iMorniMoa descriptive of at least tfce hardware 
^Ksctfkaiion and the operating system of each <tevka. 

3 1 . The syMero. accotdiflg. to daim 25 iriierein <bc ptoforns categories 
comprise at least oei* of dcsku>pcaniputcr, laptop computer, mainframe 
computer, hub, haridbdd 0cvi.ee, m&otk^ 

n. The system /acewdiftg to claim 25 farther eomprisiag the step of 
printiag u least one test: procedure generated tn said step e)* 

3& Tfec system according to claim 25 wtei.n said step c) generates one 
test pwe4ure few a platform calory when there are no devices associated 
therewith. *&d p«s cine test pt^ediir* for device .assraciated with. 3 
platform category ^ving *a *adfe*t»a tW Such <tevk* 4$ to be tested- 
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34. The aymm according to claim 25 farther performing the steps of: 

f) |wrff)rmmg the steps as5>ocbtcid wtth the test prW£&xrt& generated ia 

said step 10 dete^tbe whether the target system parses or fails the at 
least oac the tm procedure; 

g) geoerctiag a score for ^acli of a plurality of threat elements., each score 

indicting a iifct&ood of t hat ihtfeaf-deHftesi affecting «id/of 
impacting: t&e tai|ei svstem.; and 
fe) { |) obtajmng a threat cqrnrfatfori tadkatioft associated w**b *tf kM* 
o«e jest procedure, wherein said threat eorreiatitfft indication indicates 
a rejfitiv^ pousmial ofc«*e or more given threats to exploit a 
VBifterability caused h$< a Mlmt of the at. least one test proced tiie. and 
(2) detecmtitiag a risk. a&st^meot by compar In® «ach score generated t« 
said wiifo %<$im$p<}n&i$B thm&commw indication .of said 

35. The system &rca«3ii3g todasra $4 wherein said scores for said step g) 
comprise &t least txnc t^f: 

i) RCgligMc. wheitin negligible indicates that the threat elcircni h mtf 

applicable or has negligible lifcdihcKtf of occuiwaee; 
liy tow, wtem low iadieates; tost the thrcaretoe«i has a rdatively low 

likelihood of occurrence; 
ill) medium, whereto medium EttdkaiftS that she thretf denwnt tm a 

med&m likelihood of ^tttterece; 
iv) high, wherein Mgh indicates that the threat element has a- relatively 

high likelihood of <xxmwix& 

36. the system sceor4ing ujd&m 34 wherem said step g> threat ekmcms 
comprise at least one of iuftjn& e|ea$ni&» system failure eJerrieri& 
environrnent&l failure d«n«a*s. tiitiftte&ftaftal human elements, and in^rvtional 
human dements* 
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$1. im $$mtm aecottli&g to cmm 36 wherein the natural disaster threat 
elerm^t* &mpfi$£ at t**i& fcoc Of fixe, flood, earthquake, volcano, tornado mai 
lighting detnerus, 

3& Tltc system ts&cm&n& to vteim 36 wtwxsin the system failure, tteiH 
elements comprise at least one of a. fcaitfwai* fat Jure, a power failure, and a 
communication link failure. 

39, The system according iacft&H 36 w&emin she ertvironmen&l failure 
ihiteat elements comprise at least <me of tempentture, power,, humidity, sand, 
dust* shocked vibration* 

40. The system a&crtmg to thim 3# wherein tte t>t>m9Ft imintetttional 
ttoa?: dsmeii* eoapiscs si isast cms of a software design error, a system 
dmign mm and m operator error, 

4-L Tiie *ys*em acconSiag: to claim 3=6 wbercira the human iiuenJkm&i 
threat .eksrowfts comprise km one of #Et wHtfewiaed system admiflisusttor* an 
suthomett mateaance psm*&r&h an aaflwBMd user, a. tm&m\ r & hacker, a 
saboteta; a thief, and a vandal. 

42, The system acratUiig to claim 34 wherein saftl $«q> W < 1) «H««t 
tftawliatioo in&eMtf>nftympti$fis at least i>ne. of the fcJkxwang scorw. 

i) msgligibk, whetta'a negligible indicates that tKe threat U mi appl kabte 

to the vulnerability;; 
ti) low, whejejJ* low Micaies that the 3hi£M has a low jx&cmial to exploit 

the vulnerability; 

*»} Hiediuin, w herein medium indicates that ihc ibitM hits a jtttefttUii to 

exploit tftc vulriefability; imrf 
i v) high whcrcEft high indicates that the threat has a relatively higft 

po&mtisi lo exploit Uw vulnerability 
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43, The system according to claim 42 wherein the mk assessment is* s&i<I 
step h) (2) is deierroirced in accordance with iteftflowiag steps: 

a> for each elenaer* m the project threat profile and corresponding efeniem 
m the Oral correlation pattern; 

i> if a threat elemeaf as dctennined. in said &t<5p g) is aegtigibie and a 
corresponding element in the threat correlation indication m 
determined in said step h) {31) i$. anything, then the overall risJc of 
theelcmertf i& ac^lijpfcle; 

2} if .a threat element. as detsmtinsd in said step g) b few mi the 
caeiesffflcidifl|j. element ift the threat eoirs&tioa fcidicatioa as 
determined in said Step h) (2) is negligible, then the overall risk of 
the clement is low; 

3) II 'a ii*reat ctaieitt as decennined m said *lep g) is low and Uk 
<XMtespaadi»g eleraeitt ia the threat correlation iadicalkm as 
detemused fa), sud M fit) is low, (hen die overall risk of the 
element is low; 

4) if a drear dement as determined tn said s^p g) is low and Use- 

cories|K*ading eletweni. tn the trtr^ai correlatlois indication as 
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determined in said sxp h) <2) is medium. *Hcn the- overall risk of 

5) if a thrcM etaem a& determined In said step g) is tow arid (he 
^jms^oftdk^g eleme&l ift &te threat corre&^cm irj^katior* m 
determined m said step h) (2) ts high, then the overall mk of the 
ekmicflf is medium; 

6) tf a fewt element -as d#t cammed in said step g) is milium and the 

cJwresftfMM^mf . ekrRera in tht tea* cmvMmn mtimxton m 
d^snttiirtfsd m said &te£ h) {1) h ftftg ii$fele, then die overall risk of 
itie element is ncgliy fc5e; 

7) if a tteat ekateftt as determined in said step j) is medium &nd Uie 

cofrespaisdiag dement in the threat correlation indication as 
determined w said step h) (?,)' & to w > the overall risk of the 
e&m£»t is low; 

&} if a threat clement &$ determined in said step g) ss roedmrn and i&e 
corresponding clement in die threat epaciiwoffl Mieatioo &s 
determined in said step h) <2) U medium, then the overaJ! rii&k of 
the element is medium: 

9} if it threat etem&n t as <tae«»iaed m said step g) is mcdisim ami the 

c<«rmpoodiog«laifecat is tbc threat correlation iadkaticsft as 

detcnoliied In said step h) <£} is tagjh, ibcii die ovecall risk of the 

etementis rtiediufn: 
i0)if a threat eterr*em m &mwtim& in said step g) 'is high and Ibc 

corresponding element m the threat son-e&tion indication as 

decetmiRftd in said step h) <2> is negligible, then the- overact risk of 

the element h negligible; 

It.) if a threat element as deiemuited irt said step g) is. hsgh and tN 

corresponding element hi the du^at correlation indication as 

dcienmned in said step ft) (2) is low, then tfte oversli risk or trie 

element is medtum; 
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12) if a ihrtu dement as iteemtmed in said step $) to high «md the 
cojicspomftng element in the threat correlation Mteastcm as 
detcrmi^c4 m &a*d step h) (2) is mc&um, ihm ihc overall risk of 



13) if a threat demerit as determined m step g) is high m& ttic 
corre^K3«ding clement in the thicai cojrd&tmis mdic#No« as 
<k>te.rmjnea1 In srM step h) (2) is tv.lgh> tto the mrcraM risk of 
elertieni is high ; arid 
t>) select the risfc protllc for the fajterl test procedure a* being the 

highest overall risk element. 

44. The system according to cbtm 43, farther <xw3pn;«n# the step of 

45, "Hie system according to claim 44 wherein the overafj target system 
mk is the highest overall risk element of each of one or more Mfcd test 
procedures, 



46- The system according to claim 44 further comprising &e step of 
printing a doc«mem&:ic*8 package, that will cr^ble a dctermwaoor* to oc made 
whether the fcarpt sysiem complies with she at. least on© pre-defined sianc&rd. 
regulation a&d/ox t^uirer^ra sdectsd is said step b). 

47* The system socording to claim 46 whereitt the docttfttcutatios package 
includes a rkk assessment for at temt otw: failed lest prrtccxiHipe:, 



the eleineat i$ high; anil 



.... ^r*-^-.-.^ . 



48, The system according to claim 46 wherein the docuroemanon package 
included an overall system risk. 
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49, A <Xm igniter \n\3%vm* isicdimia W.n U\g Kumpvtzt kiUf u*U<ns>l tlfcieiri 
for irtstrKding a computer to perform a cifinsptitftr^ impicmeiiied and u&sr 
assisted process of generating at least one fee&t procedure for a target system 
havmg m lemt one device capable of being ideMifSed, ttaeti of the at least cm 
iicvic« havwg hardware andfor raftw&rc H said. program medium comp rising the 
steps of: 

a) collecting information descriptive of #t least a hardware and/or software 

specification for trie at least or*e device: 
0} selecting at least one prEdtfmcd slaiifad, regulation afid/<?r require rnerit 

with which tlie target system is to comply; 
e) associating hardware &nd/or software information pertaining, (o the &f 

teas! ®nz device, collect ta sasd mp w*f fc at least one pre-defined 

platform category; 

d) for each tif at least erne platform category, detemtieuftg which of 

one or more te&t procedures mSl be used to test hardware and/Or 
software associated with &atd ai least one platform category hissed art a 
mapping between the test procedwro m& th& m toa one pfcdefuwd 
standard, regulation aaid/ot rtequtortetYt; ami 

e) ge^erattesg «nc or more test procedures as deiercamed m said step d) .fas- 

each platform 

50, The computer program: medium according to claim 49= farther 
comprising ihc stt^ of associating at least oae ftppfkntkm software ptogmn 
mik at tost one ptei-form category, the association indicating that the 
application program ts typically tolled on devices belonging to the platform 
«aifigery. 
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5h The computer program niedium according 10 claim 49 wherein said 
mp a) informaiion is oniltoed, fw f he Enrgrst system comprising a plurality of 
devices withifi a network, by at least one of electronic discovery 'via a network 
end manual entry. 

52, T&e compter program medium according to claim 5* wherein 
electron^ discovery cmnprtses an enterprise msmagement sysmm 

53, Ite comisiter program medium sccordmg fo claim 51 wftercm the 
mfanrctdion collided iu said step a) penaitis to at. least om i>f: Aft iritesnet 
protocol address, a hostname, a media -aot^csws control address, an operating 
aysttsm same* ami an operating system versions, 

54, Tb© oomptitcr progntrn tncdiom according to claim 49 further 
comprising the step of editing said step a) information descriptive of at tern 
{tie hardware -Apeciification arid the operating system of each device, 

55, Thecompoier pmgram rnediiwo wording ?o claim 49 whercia. die 
platform categories comprise a£ least one of desktop computer, laptop 

' computer, mainfraHas computer, Mb, handheld device, and other, 

56, The compter program medium Retarding EO ckira 49 furtJiCJ 
comprising the step of printing, & tet one mt procedure generated in said 
step*). 

SI, The computer program msdiam sccordiag to claim 49 wherein sjud 
step e) generates one test procedure for a platform category when there arc m 
devices associated therewith, and generates one tc$t procedure fo? each devfce 
associated witls 3 platform, category having an i^kaifon to such device is. to 
be tested. 
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58, The computer program tncdium according to claim 49 further 
wmprising the steps of: 

I) performing the steps associated with the test procedures gcnersnecl in 
said step c) to determine whether tt&e tagger system passes or fails the at 
tcfli*? one *he tcsr procedure; 

g) generating a score to each &f a phtraSi ty of threat etemeitK, each, score 

indicating 3 JlfceJifepcd of tto thraM clcrncm «$fectiag arsd'or 
impactmg the tatf et system; md 

h) (I) aborting *i threat correlation ingestion assisted with said at least 

one test paroeedure, whereto said threat correlation indication indicate* 
a restive potential of one w mote Khteats to exploit a 
vulnerability caused t>y a M&re of the at tesi oae test procedure, and 
{£> dcteirn™i;E*g a risk a&scssraeint by £ompsnn£ each score general .in 
said step 0 with a eortespomiitif taeat correlation Mcatioji of said 
sie^h) (I). 

59. tire counter program medium, according to claim. 5£ wherein sitic! 
scores for m& step g) comprise at least one of; 

i) negligible* whe&its ne&tigibfe jm$ic&e$ thias ibe tltreat dement is no* 

appiiea&fc Orbss negligible likelihood of occurrence; 
is) low, wherein fow indicates th&t the teat slemem has a relatively low 

likelihood of occ«rre^ce; 
in) medium-, wheretn medium indicates that the threat element a 

jtyidium likelihood of qecumswfe; md 
iv) high, wherein high indicates that ths threat, eiesneni has a relatively 

fcufh likelihood of occurrence* 
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60. The cumber jwugrattt medium j&coftJittg, U> cUta 58 wbsat&ii: | 
step g) <b^ r el^rt^n^i i^mn-Hs*. rsr jttsxt orvtr nf nmtiraK disaster etamftnix, 

system failare eimmtm, environmental failure elements, unintentional human 
dement*, and intentional human elements. \ 

61 . The computer program medium according to cMm €s0 wherein \M 
natural disaster threat element* comprise at iessi ose of fife, flood., earthquake, 
volcano, tornado and Hg&tiag etaefits. 

62. The- coronafe* program medium, wording to claim 60 wherein the 
syslctn failure threat dewwio'to comprise at bsr one of a ba*d*?su« failure, a 
power failure, and a co)nrimu:nteatioft link feMutc* 

63. The ^mputcrproj^ana medium acceding tocteto 60 wfrcrciin i&e 
environment! MluTe threat element* comprise iu leas* om of temperature* 
power* htimidity,. sand* dust*, shock* and 'vibration* 

64 + The«*>nipu*cr prognun medium wording io claim. 60 wherein the 
humaan unInimdon?d threa* ek*mnt epnjpft&es at least one of a software 
design error » a system design: error, and an operator em>r. 

65, T!*e computer program medium according io claim 60 wherein the 
human intentional threat elements* comprise m least one of an authorized 
system administrator, an mihonzed maintenance personnel, m mtimtimd 
user* a terromt* a hacker, a saboteur, a thief + sand a vaRdaJ., 



i) negligible, wherein negligible mdteatcfr 0«rt the threat is not applicable. 

to die vulnerability; 
it) low t wherein low indicates that the threat has a low potential (o esplo& 

ihe vulnerability; 

in) medium, wherein medium indicates &at the threat has a potential to 

expkai the vulnerability; ad 
tv) high, whereto high indicates thai! die dutja has a relatively high 

pmemisd to exploit the vulnerability 




66, Tt» computer program roed&m according, to claim 60 wherein s&sd 
step h) ( 1> threat correlation indication comprises at least one of the following 



scenes: 
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67. The computer program medium according to claim 66 wherein tht 
mk assessment in said step ft) (2) .is de&muiwaJ in ascorfees wUfc tee 
Mowfog steps* 

a) for eacli etenient in the project direat jprofiie cosfirespofldiag eleroem 
in this tlireat correlation pattern; 

1) if a threat dcmcai score m determined in salt! sicp g) is negltgi'bSc 

and a omt'spondmg dement j« the*. Jkte^t comjtatkvn mdrcariott as 
deternurced in &asd step b)ls anything* (hen (be overall mk of the 
«|erR$m is r*eg|%jble; 

2) IN threat eternal score m (determined in smd step g) is law and the 
oorrc-spcnditig element .in the threat correlation sndsatfiGrt as- 
detenained trc said step fe) is negligible* (hen the o-vetalJ risk of the 
dement is U>w; 

J) if as threat cta&rvl score as dctenwined in said step g) is low and the 
corrq^porjdi^ clement in ibe ihreat carjelatiea indic&wwi «s 
deift^ed ift $aid step fe) ^ law, theti the overall risk ef the 
clcrncm 15 Ipw; 
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4) if a ihxmt elemem scsre a* Ueicmtlrced in m\& x&p g) is tow und the 
c^rw-ij^n/jjiig ?fcmeni in the tht&m raJftetai'-iAft ittdiesftifttt A«. 

deretiwltied m said step h> i% medsam, then the over alJ risk of the 
fckmem is low; 

5') It "a (teal element score m determined in said step g) is tew and the 
c*»mpoadi»g element itt ftse threat correlation MicMkm as 
determined in said step h) ts high, then the overall risk t>£ 
clement is medium; 

6} if a (ItKiai elcEiient seme m dmxim&d hi said step g) is medium m4 
the o>ncsponditng ekment in Utc thnsaE eojre-lattoa mdicatian s& 
toejmirted m s&id saep b) is msgLigtble, then the avc*s$t risk of tb« 
e'Seraectt as negligible; 

?) if 51 threat eiemsctt score as deterrmed in said siq* g) is medium and 
the eoirespoading demmt m tfce ihm& correlation indkatfon m 
determined in said step h) is low, thm the overall ris^k of the- 
ckmcnt k tow; 

ft) ii a threat dement score as determined in said step g} is medta* Msd 
the corresponding clonenl in the threat condition imfkatfon 3$ 
determined in said step b) h niedittm* then the overall risk of the 
element is medium; 

9) if a tta&t clcmen* score as detcnniRed in $&Sd step g) i$ itsediLun &nd 

(he conrcpoflding clement in the threat conrcfotioB Indiicatioa as 
determined irtsa*d step h) is 'high, tben the ovetail %i$k of tbe 

ele-metit is medium; 

10) if a threat etertwrat &c<*re as 4etemutie4 La said s&p g) i& high; aad 

detertiiifted ift said siep h) 1$ t^gjigtble, thea the overaJi risk of the 
element is negligible; 
i J ) it a threat etetnent score as determined in said step g) is high a**d 
to cam&par$ding clement in the threat cotfrafotaoft iadtcaiioa a& 
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determined in. mti mp h) h low, then the- overall mk of \ht 

ckmcm is trndfam; 
12) if a threat elesnem sco»e as deJd*tnin«d sn said siep g) i$ high Md 

the cofrcspomiing clenasm to the threat correlation in*ta*k?a ^as 

detennifted in said step h) bs medium, then She overall ri&k of die: 

dement k Mgfc and 
1 1) if a threat element s&are as c!etcr«^ni£d to said step g} is high md 

the corresponding etemcf^ m the threat correlation indication as 

determined' m md h) h high, ihe« the overall risk of the 

edernent is high; and 
b) selecting the : risk profile for (he, failed fesi procedure as befog the 
highest overall risk element. 



68, The computer program medium according to claim 6?« further 
composing the step of determiritftg aa overall system risk. 

The computer program medium according io cteim 68 wherein the 
overall target system risk ts the Mgh&st overall risk clement of each of one or 
nmtc Mtevd test pxmstimax. 



1(1 The computer progr&FO roedbro according to claim 68 farther 
comrsrising the 'mp q$ pmtmg a documentation package that will enable a 
daeraU)&sf;io*3 to be ntUKte whether tfce target system compiles wfc the at teast 
o&e predefined standard* rsgutetion smd/br yeqiairetBent selected in &ai<t step 
bh 

li. The computer program niediurn according so pbjni 7C* wherem ihc 
decu mentation package tnciudes a mk assessment for at teas? erne failed em 
procedure 
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72L The computer program medium acawnaiag to claim 70 wfccreln itte 
d^utfttrfttatiort package ifttkide* m overall system risk. 

73, A system for generating ai leasa one tes* procedure for a large* system 
having at least <me device capable of heifig ideaaifted, each of the &x teasi ores, 
device having hardware radfor software, said system comprising:: 

a) a discover)* ermine thai seaits sfce target system ibr ?*jc tod ware 

coaQgiinmori. operating sysrein and>% appitatiOfl programs of each of 
the at least on« device; 
b> at least one storage medium for storing thereon at ieasr; 

(ft at least oive predefined standard, regulation m&ot requirement 

with wMcfc the sejprattf is w> comply* «n«* 
(ii) data pertaining to at least, one platform category, each pSatform 
&tegofy h&v|;rtjg ^ssoctetcd tbwewtth afte Of more devices 
having at tost a hardware spcsciUcaMon arid &n operating 
system: &r*d 

c) decision logic ftr detenmaiiig which of sero or more test procedures 
wiSI be used tit) te& each of the fct teaSt one platform category teed on a 
snapping tewoc'n the test procedures and &o at least, one predefined standard, 
refutation and/or re-quireroetsi. 

74. The system sceordiftg «0 claim 73 fonher comprising a printer for 
printing the one or more- eesi procedures, 

IS. Hie .system according to d&iot wherein the scfinaer collects =for 
each device infonhation pertaining to at least one of; m IP address, a 
hostname, a media access control address* opersfcrog system jiaftie, operating 
sy&teni version. 
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7©\ The system aeeoroltt* to claim 75 therein the scanner rsmfcer collect 
fofejmati&n pe&am&g itt Owe of ftppfieat&fi software, hard <iifcfc drive 
oapa&ity, device manufsc&tfer, aiftd device model 

77 A system Sot generating 3t Seast one test procedure for a target ostein 
bavtssg at least one «Vvic& cap&bte of being Mwii fted, t^ach at' the at teasst one 
devtee having hardware and/or software, said $y^m.cam|»i&ing; 

a) a ds$c»v^i-y wg\m thm scans the target system Mvmmw descriptive 
of at Jess* ft hardware anoVor software specification for the as least one 
device; 

h) a storage medium for storing a* Aes« ™*e predefined standard, 
regulation rmd/ortequtreme^ with which the targes system is to 
comply; and 

c) a phiraHty of infocmsdon entities, sacfc of plurality of information 

crtftMes storing data -pertaining to at kasl one preoVJned platform 
category, each platform category defining one or mere devisees having 
at least 2 hardware «p&£ifkfttk)tt and &n Operating systfcftt; ind 

d) dec&kin logic: fortocmuning which of one or nsorc test procedures 

wtll be used *.o each platform ca&goty based on a mapping 
between the test procedures and the as least one predefined standard, 
regulation artd/or requirement 

7£, The $y&zm according to slaim 77 wherein said plurality of 
information eatiiies comprise rel&ttontai dsrafc&se tables , 

7%., The system according *o claim ?& wherein said reiaUoaai datsba&e 
tables comprise tabtes far defining : a) each of ih* at l&m oa*e piatibrro 
cascgory; b) each offbeat least one cbvtec; c) each application program; d) 
each defined association between; an application program m4 a ptiatfonn 
category, wherein each sttch assikisckm ind3cate& that ifte application pfopam 
n lypksatly .instali^d on devices belonging to the platform category; e) each 
defined assodttkm between an application program a&d a device* wherein 
each such &s$oeifttioft indicates thai the application progratti & actually 
incited on the device; m$ g) each standard operating .system. 
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80* A system for generating at least ooe test procedure for a tafgei system 
comprising at feast oest device, each of the at least tme device eompnsing a 
ccHH&na&M* of teardware and software, said system comprising: 

a) a discovery engine to sc&as the tafget system for at least a hardware 

and/or software sp&tific&tkm fbf (he at least one device; 

b) at least otic Murage medium for storing iltctcuri; 

Ci) at least, one predefined siairvdard* regvj&tiorj and/or retirement: 
with which the target &yste*».i$ to comply; arid 

(Si) data ^t&iii&g io at least one ptafforttt category, each piatfojriij 
C3$Pgd£y h&Vsrig associated therewith arte or rm?p& devices 
having a* least a hardware, specification and an operating* 
system; and 

c) decision logic for; 

i) associating hardware anchor software ink^mmkm jpotainmg so 
the «t bast one devkc, coltesd by said d&covcry engtoe, with 
at feast one pre-defined platform category; 
8) for each o f said at least otic platform category* detsrrmrjing 
which of one or more lest procedures mil be tssed to test 
hardware ami'or software associated with said at te^-oae 
pNfarrn category based on a mapping between the test 
pwecdurex oiidi the at teast. ueic pjede fined suuuhiiKL, uc&tdittkw 
and/or rni#*r$tti&nV; m$ 
it*) j*eaeraring oxse or more test prcjc^tees as determined in said 
mp n) for each platform category. 

St . The system according to claim 80 further comprising a printer for 
prin ting the one or more test pfoceduies- 

82. The system aoocadirtg to chum SO wherein mid network discovery 
engine collects for each device infarrnation fKsrfcunijtg tt» at Scast one of; m IP 
address, 3 ; tatoarnc, % media access control address, operating system name, 
operating system version, 

::: /(A«^ji^riifc syste«i according w> ciakn 80 whsrem said nerworif discovery en&mc further ^Htsa* 
tafonnasitm pmamm$ k* as feint one of ai^lteafoft saftwra**. Hard disk diive <sarsactty. dev ice msirofasaarer. 
ant* devise- model. 
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m. A system for gaming at t<m om test prfxaaforts for 3 target -$y«tem 
having m least one de-vice capable of feeing identi fied, each of the at to* one 
device having hardware aadtatf software* said system comprising: 

a) rtteani for scaaaitig the laigct System information <tecripiive of least 

a hardware and/or software* QXMfwmon for the at least one device; 
!>> i»e«ffl» for staring »( teas* « predefined standard^ rcgyhtfiau ami/or 
requirement wiib which mrge? system is 10 comply; and 

c) mesas for assisting hardware rnvd/ttr software mfamt&iian pert&niag 

to thfc at lests* one devse^ coiteed by &ad means for fanning, wiih at 
teast <>rie pre-detfkied platform category; 

d) for each of said at least one platform calory, means for detemsiftiag 

which of emit or mons u&t procedures wi\\ be used to test ted w are 
a&dfor software .assod^ed w*th: said at km one pl&tftyrm category 

based of i a mapping between the test procedures aisiS tlse ai least owe 
prmtaftfted tfantfttrd, regiMaifon **fiH/fv wqmmrofinr; and 
e) .means for generating one or more test, pracetoes a& determined la s*at€t 
step cf) for each platform $mgmy< 



\ 
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£5 -, A *y$te*» for gmcm'mg ut least oae test procedure for a target system 
comprising at km. Qnc device, each of the as least one device crarij>H$mg a 
combination of hardware and software said system compmio^; 

a} tmms for s^nitig the target system for at imt a hardware sm&fof 
software specjfteauon for th* «t least on« <te v ise; 

b) roeaifcis for storing tftmottt 

{i) m least om: prodctmcd standard, regulation amlfor miuirtti&em 

■«?ith which *he segn*eat.i$ lo comply; swwi 
{«) data pertaining to a* least one pMonri category, each pSattbrm 

category having associated ihcxevvith oae or more devk&s 

having at N&t a hardware spedfeuoa arid .aa operaiirtf 

system; ar*d 

c) means for associating hardware artdfor softwstre in.fomiattori pcrtasning 

to ifte at lease one device, collected by said, discovery engine* witfe at 
least one pre-dsfmcd pSasfomi category; 

4) for each of said at least oae pMform category, m$$m for deu^ming 
which of one or more test procedures will be m$d to test hardware 
and/or software associated w«h .said at ie&s? om pl&ttmm category 
based oft a m&ppms between the r&u procedures and trie at legist o?*e 
predefined staadaid, regulation xtm^orrequjcKinent; and 

c) means for f^Rfcrating o&e m w tes? procedure*, as detejmingtf by said 
means for de&nniiHiig, far each platform category. 

86. A csrapjter*as&i : sted method of generating at bast one tost procedure 
for a larger System having at le&si osse device capabte of 'feeing ide:tu tried, each. 
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